4

We have an on prem RRAS server that connects to an Azure Virtual Network that allows us to have an On Prem/Azure hybrid. My query is, if i was to provision a public IP address in azure, what would be the best way to route it to one of our on prem VMs through the site to site connection? I have had a look around and haven't seen any similar scenarios.

This would help me in a few ways

  • We have run out of public IPs locally and they are rather expensive from our provider
  • It would make it easier for developers to expose stuff to the outside world for our lab environment
MrBeanzy
  • 161
  • 9
  • Do you mean you want azure can connect one of your on prem VM? – Jason Ye Mar 09 '17 at 10:35
  • @JasonYe-MSFT Effectively i want to assign a Azure Public IP to an on prem vm to expose some services. But forward the traffic from the Public IP to the OnPrem VM over the existing site to site connection. – MrBeanzy Mar 09 '17 at 10:43
  • It looks like i could use a load balancer in azure to accomplish this, but you cant make rules that point to IP addresses. Only VMs in azure. – MrBeanzy Mar 10 '17 at 09:26
  • not sure if it still helps, but try nginx with tcp stream – sloth Apr 26 '18 at 14:35

2 Answers2

1

i want to assign a Azure Public IP to an on prem vm to expose some services. But forward the traffic from the Public IP to the OnPrem VM over the existing site to site connection

For now, we can't use Azure VPN in this way. Because Azure only route azure pre-defind IP addresses. the public IP access to Azure will not route to your on-prem VMs.

Jason Ye
  • 2,399
  • 1
  • 8
  • 10
0

Have you looked at using Azure Application Gateway?

https://azure.microsoft.com/en-gb/services/application-gateway/

It will allow the gateway to be in Azure with a public IP and publish your on premise web services

Or how about a VM / virtual appliance with IP Forwarding enabled running NAT that can then forward traffic to your on premise network using your existing site-to-site link?

http://www.cisco.com/c/en/us/td/docs/security/asa/asa95/asav/quick-start/asav-quick/asav-azure.html

Michael Brown
  • 3,204
  • 2
  • 9
  • 10
  • I think that just works for HTTP traffic? We sometimes need to expose services that aren't based on http. – MrBeanzy Mar 09 '17 at 11:19